Remove restrictive systemd security settings across multiple services and add ProtectSystem=no for SQLite WAL mode compatibility
Some checks failed
Systemd Sync / sync-systemd (push) Has been cancelled
Some checks failed
Systemd Sync / sync-systemd (push) Has been cancelled
- Remove ProtectSystem=strict and ReadWritePaths from agent-daemon, gpu, learning, marketplace, modality-optimization, monitor, multimodal, and openclaw services - Add ProtectSystem=no to coordinator-api, exchange-api, and explorer services to allow database writes for SQLite WAL mode - Retain NoNewPrivileges and ProtectHome security settings across all services
This commit is contained in:
aitbc
@@ -25,9 +25,7 @@ SyslogIdentifier=aitbc-modality-optimization
|
||||
|
||||
# Security
|
||||
NoNewPrivileges=true
|
||||
ProtectSystem=strict
|
||||
ProtectHome=true
|
||||
ReadWritePaths=/opt/aitbc/apps/coordinator-api /opt/aitbc/venv
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
Reference in New Issue
Block a user